How a flashlight app illuminated modern smartphones' privacy problems
It's hard to know who is monitoring your location, online activities, or the people with whom you interact. It's even harder to know how they got that information. Did they intercept messages between data centers? Have they secretly asked companies for user information? Is their seemingly-harmless Android app secretly collecting and sharing user data?
The first two monitoring methods were revealed during ongoing investigations into the ways the National Security Agency surveils billions of people around the globe. The third was revealed after the Federal Trade Commission filed a complaint against the company behind a popular flashlight app that happened to be sharing "users’ precise location and unique device identifier to third parties, including advertising networks."
There is an obvious difference between the mass surveillance perpetuated by the NSA and other government agencies and a consumer app selling its users' data to advertisers. But in the wake of the many government oversteps revealed by media organizations around the world, it's worth remembering that government agencies aren't the only ones monitoring Internet users without their knowledge or consent.
It's not that the app simply collected user information without their consent, either. It's that the app presented an option to users supposedly allowing them to keep their data private and then shared the information with advertising networks anyway, according to the FTC. Users trusted that because the app was decent enough to ask them if they'd like to share their information that it would also be decent enough to respect their answer -- that was a mistake.
“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, in an announcement that the company has settled with the FTC. “But this flashlight app left them in the dark about how their information was going to be used.”
The settlement requires the app's creator, Goldenshores Technologies, to remove all user data from its servers. The app will also have to ask users if they would like to share their personal information -- and, you know, respect their decision -- and make the type of data it collects and with whom the data will be shared clearer than before. Put another way, the FTC has now made Goldenshores Technologies do many of the things it professed to be doing in the first place.
This is a definite win for the "tens of millions" of people who downloaded the app. But the process through which this company's wrongdoings were exposed and corrected is untenable. How is the FTC going to comb through the hundreds of thousands of applications available in the App Store or Google Play? How will consumers defend themselves in the meantime? The answers to those questions aren't any clearer than they were yesterday, and this settlement is little more than a tiny ripple in what might be an incredibly large pond of dishonest app developers.
No wonder President Obama isn't allowed to own an iPhone. This app affected tens of millions of consumers before the FTC forced it to delete their personal information and better respect their wishes in the future. It's much easier to use a BlackBerry and play "BrickBreaker" until the end of time than it is to figure out what apps are safe to use on other platforms.